November 26, 2015 10:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/L9bLSbAAmCk/900-embedded-devices-share-hard-coded-certs-ssh-host-keys
900 Embedded Devices Share Hard-Coded Certs, SSH Host Keys
An anonymous reader writes: Embedded devices of some 50 manufacturers has been found sharing the same hard-coded X.509 certificates (for HTTPS) and SSH host keys, a fact that can be exploited by a remote, unauthenticated attacker to carry out impersonation, man-in-the-middle, or passive decryption attacks. SEC Consult has analyzed firmware images of more than 4000 embedded devices of over 70 vendors — firmware of routers, IP cameras, VoIP phones, modems, etc. — and found that, in some cases, there are nearly half a million devices on the web using the same certificate.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/L9bLSbAAmCk/900-embedded-devices-share-hard-coded-certs-ssh-host-keys
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot